question

MoAlom-8444 avatar image
0 Votes"
MoAlom-8444 asked saldana-msft edited

CMG Certificate Renewal Error

Hi All,

Our CMG certificate has expired and trying to update it with new certificate issued using our local CA. When i try to apply the new certificate I'm getting the following error below. I have restarted the SCCM server and the SQL Box and and also tried stopping the CMG service in order to apply the new certificate. I have logged into Azure and uploaded the new certificate in the cloud Service (Classic) however that has not reflected back in the console.

Any help will be much appreciated.


"The SMS Provider reported an error:

ConfigMgr Error Object:
instance of SMS_ExtendedStatus
{
CauseInfo = "";
Description = "SQL command failed: ";
ErrorCode = 2168786178;
File = "..\\sspazureservice.cpp";
Line = 442;
ObjectInfo = "Please check SMS Provider log file for details of the SQL errors";
Operation = "PutInstance";
ParameterInfo = "";
ProviderName = "ExtnProv";
SQLMessage = "[23000][547][Microsoft][SQL Server Native Client 11.0][SQL Server]The UPDATE statement conflicted with the REFERENCE constraint \"Proxy_Settings_Azure_Service_FK\". The conflict occurred in database \"CM_XXX\", table \"dbo.Proxy_Settings\", column 'ProxyServerName'.";
SQLSeverity = 16;
SQLStatus = 547;
StatusCode = 2147749889;
};


Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryException
The SMS Provider reported an error.


Stack Trace:
at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObject.Put(ReportProgress progressReport)
at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObject.Put()
at Microsoft.ConfigurationManagement.AdminConsole.SmsDialogData.Put(Boolean retainLock)
at Microsoft.ConfigurationManagement.AdminConsole.DialogFramework.Forms.SmsPropertySheet.Put(ActionTrigger trigger)



System.Management.ManagementException
Generic failure


Stack Trace:
at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObject.Put(ReportProgress progressReport)
at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObject.Put()
at Microsoft.ConfigurationManagement.AdminConsole.SmsDialogData.Put(Boolean retainLock)
at Microsoft.ConfigurationManagement.AdminConsole.DialogFramework.Forms.SmsPropertySheet.Put(ActionTrigger trigger)



SMSProv.log

![105555-image.png][1]



mem-cm-generalazure-cloud-services
image.png (72.8 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@MoAlom-8444

Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.
This issue needs deeper investigation. Support team will be able to check and help on this. I would recommend you to open a azure support case.

If you don't have the ability to open a technical support ticket, please let me know. I can help with that.

0 Votes 0 ·

This same thing happened to me earlier. I wanted to reply with a comment in case anyone else has this issue as well.

For me, I had both the subject name of the primary site server and the CMG in the certificate. This caused the wizard in SCCM to change the drop down for the "service name" from the CMG to the site server and I didn't notice. So when I clicked apply, it was incorrectly trying to apply to the primary site server as the service name and not the CMG. Once I changed this service name back to the CMG, once I clicked Apply/OK it did not error out anymore.

Said another way:
1 - Open the CMG properties
2 - On the settings tab, make sure the CMG is selected as the service name
3 - Browse for the new cert and confirm DNS warnings that come up
4 - Back on the main page, make sure the service name didn't change. If it did, change it back to the CMG
5 - Click Apply/OK and you should be good.

0 Votes 0 ·

1 Answer

Amandayou-MSFT avatar image
0 Votes"
Amandayou-MSFT answered MoAlom-8444 commented

Hi @MoAlom-8444

From the logs, it is a problem in the database, where the data and constraints are in conflict.

It is suggested to delete CMG completely and re-build.

Besides, in Q&A, database may not be operated directly. I appreciate your understanding that we are not the best channel to address this issue accurately. To get better support, I suggest you call Professional Support Services so that a dedicate engineer will help you solve this issue in a more efficient way. Thank you for your understanding.

To obtain the phone numbers for specific technology request please take a look at the web site listed below.
https://support.microsoft.com/en-us/help/13948/global-customer-service-phone-numbers



If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

If I was to delete the CMG will I be able to reuse the same service name when rebuilding it?

I have only the 1 VM instance in my setup and don't want to go through the whole setup with a new service name.


Thanks
Mo

0 Votes 0 ·